Android Lock Screen Vulnerability Could Give Attackers Complete Access To Your Phone — What To Do
© i_am_zews/Shutterstock zeroAttention Android users, you need to update your phone.
According to Bleeping Computer, there is a way to bypass your Android phone's lock screen completely, even on smartphones running Android 13. The vulnerability was discovered by cybersecurity researcher David Schutz, who accidentally managed to bypass the screen to lock his Pixel 6. accidentally locked the SIM card. The only downside of this vulnerability is that the phone has to be unlocked once after the last reboot. It's also unclear if this exploit will work on devices with a SIM card, but it appears to work on any Android phone that has a physical SIM slot.
The good news is that Google is aware of the issue and has patched the vulnerability in the November 7 security update. So as long as you have it installed, you should be fine. The bug affects devices running Android 10 or higher. So if you have an Android device, you should make sure that you have the latest updates. The bug was only found on the Google Pixel 6 and Google Pixel 5, but there's no indication that the problem is limited to Pixel phones. If you have an Android phone, make sure to launch and update it.
Bypassing the Android lock screen is relatively easy. Basically, anyone with physical access to a phone and an additional SIM card can do it.
While the device screen is in sleep mode, try to wake it up and unlock it. It won't work if you don't have the correct fingerprint or PIN. If you fail frequently enough, the device will temporarily disable further unlock attempts.
Here's the trick. When this temporary unlock is disabled, attackers only need to remove your SIM card and insert their own SIM card. After that, they just need to enter the wrong SIM PIN until the phone asks them to enter their Personal Unlock Code/Personal Unlock Key (POC/PUK). As long as the attacker enters the POC/PUK correctly, he will be asked to enter a new PIN code for the SIM card. After setting this PIN, the phone is unlocked and the attacker gets full access to the device.
Again, this can affect all newer and better Android phones, even if a vulnerability was found in the Google Pixel 6. So make sure that even if you buy a new device, you update Android to the latest version and get the November 7 security patch.
